New Antiexecutable: NoVirusThanks EXE Radar Pro

Perhaps because the security companies complained or scared of losing their cash cow.

 

Actually, strict parent-child process control hasn't got anything to do with HIPS. At the moment ERP allows you to make global rules, but in certain cases it would be handy if you could make process specific rules. For example, certain malware might run the browser to send data. And other malware might launch explorer.exe and svchost.exe in order to perform a process hollowing attack. Obviously, you do not want to be alerted every time that these processes are being launched.

I use SpyShelter for this, the only problem is that the current implementation drives me nuts. You should be able to fine tune it.

 

Actually, you're wrong, it IS a feature related to anti-exe. You can make either global rules, or process specific rules. I already explained why this can be handy. It makes sense to monitor apps that are trying to launch the browser or explorer.exe and svchost.exe, but you can't add these processes to the "vulnerable apps" list, for obvious reasons.

 

PLEASE!!! Let's keep ERP light & simple. It's splendid as it is.

 

I think you guys are misunderstanding. What I'm proposing would keep ERP simple and light. You could still choose to make global rules, but it would give you an option to also make strict rules. For example, stuff like: Only Windows Explorer is allowed to launch Firefox, and only services.exe is allowed to launch svchost.exe.

 

If you want that capability, I suggest you try SpyShelter.

 

Rasheed is already using it

 

Rasheed,
At one point, long ago on page 151 of this thread, NVT answered similar concerns. You were on that page as well, so was Peter.
Take a look at NVT suggestions, in post#3761 for instance, where he answers exact scenarios you just wrote about:
https://www.wilderssecurity.com/thre...e-novirusthanks-exe-radar-pro.300552/page-151
Using ERP, am I 100% comfortable with it? Not really, it's not as strict as SSM was, and fileless crapwares are always of concern, but MBAE (in my case) will likely handle that pest. That said, I'd love to see a table with parent and child columns

 

Use ReHIPS (despite his name i would consider its "HIPS" module more between an anti-exe and a HIPS ), it works more like an anti-exe with parent-children monitoring. and you can edit command lines.

by using it, i removed 2 of my favorite softs i used to use : Sandboxie and ERP

 

Less is more , two questions:
a) any idead when ReHIPS 2 will be released?
b) why use AppGuard with ReHIPS?

 

Where is the beta available as download?

 

Try here:
https://forum.re-crypt.com/index.php/topic,2263.165.html

 

What part of optional don't you understand? It's like talking to a brick wall.

No thanks, I have read about it, and it's not for me. I don't like the way it does the sanboxing, and SpyShelter already offers child process control. The thing is, I don't want to be alerted about every child process, that's too annoying. So a fine tuning option is needed.

Yes correct, back then I also thought it wasn't truly needed, but when you read about how a lot of malware operates, it's a good feature to have. Like I said, currently you can not add explorer.exe and svchost.exe to the vulnerable apps list, because that would most likely break the system.

 

What you don't like , it is the Virtual Desktop? ( if that, you just have to untick a checkbox to isolate in real desktop as Sandboxie does).

 

It depends on the skills of the developer, I don't believe this will make it bloated. And in fact, Smart Object Blocker and Bouncer, who are both quite light, already offer this. With the difference that both don't have a user friendly GUI. But anyway, I don't think that ERP will get an update anytime soon.

 

Yes, I don't like virtual desktops, but I also prefer virtualization of the file system. That's why I also don't really like SpyShelter's sandboxing feature. It's hard to beat Sandboxie, others have tried it in the past think of SafeSpace, BufferZone and GreenBorder, but they all failed. ReHIPS looks too complex overall, so I will not be using it, also not for the anti-exe feature, ERP is good enough.

 

Yes, but adding features from two light programs to a third one might make enough of a difference that the third might become heavy

 

It is what i like in ReHIPS , i like full control of every aspect of the isolated environment (what is isolated, how it is done , what access right and privileges it has, etc...)

indeed , ERP is good enough , with RH i have a 2-in-1 soft, so im happy with it

 

This is getting ridiculous, I didn't ask to add a cloud AV, now that would make it heavy. This is a very simple anti-executable feature, that the developer could easily add. Take a look at SpyShelter, it does a lot more than ERP, but is one of the lightest security apps on the market.

 

You can't really compare SpS with ERP

You are "requesting" that feature all over again (just sayin')
The answer is everytime: "No. Keep it simple"

 

That's not the point. The point is that adding a new feature doesn't automatically makes a program bloated. And it wasn't really a request in my latests post, I just said why it would make sense to add this. Also, I trust in the skills of NVT, I requested an "Install Mode", and it was implemented quite nicely.